The Internet firewall controls traffic between the Internet and public IP addresses.
After Cloud Firewall is activated, you can enable or disable the Internet firewall
for public IP addresses within your Alibaba Cloud account. This topic describes how
to enable or disable the Internet firewall.
Prerequisites
The public IP address quota is not exhausted. The public IP address quota refers to
the maximum number of public IP addresses that the Internet firewall can protect.
For more information about the public IP address quotas in different Cloud Firewall
editions, see
Functions and features. To increase the quota, you can go to the Upgrade/Downgrade page and set Protected
Public IP Addresses to a greater value based on your business requirements. For more
information, see
Upgrade Cloud Firewall and change configurations.
Background information
All the protection capabilities of Cloud Firewall are provided after firewalls are
enabled. After you enable the Internet firewall, Cloud Firewall detects and analyzes
traffic of public IP addresses.
Note We recommend that you enable the Internet firewall for all assets within your Alibaba
Cloud account.
Procedure
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Internet Firewall tab, enable or disable the Internet firewall for public IP addresses.
You can enable or disable the Internet firewall for all public IP addresses within
the current Alibaba Cloud account with a few clicks. You can also enable or disable
the Internet firewall for one or more public IP addresses.
You can perform the following operations on the Internet Firewall tab:
- Enable or disable the Internet firewall for all public IP addresses
- In the upper-left corner of the IP address list, click Enable or Disable.
- In the Confirm message, click OK to enable or disable the Internet firewall for all public IP addresses.
You can also turn on Automatically Enable Firewalls for New Assets. After the switch is turned on, the Internet firewall is automatically enabled for
newly added public IP addresses within the current Alibaba Cloud account.
- Enable or disable the Internet firewall for one or more public IP addresses
- In the IP address list, find the public IP addresses for which you want to enable
or disable the Internet firewall.
You can search for the IP addresses based on specific conditions, such as Asset Type, Region, and Firewall Status. Alternatively, you can enter an instance ID or UID to search for IP addresses.
- Select the required IP addresses and click Enable Firewall or Disable Firewall in the lower-left corner of the list. You can also click Enable Firewall or Disable Firewall in the Actions column of an IP address.
Result
After you enable the Internet firewall, wait until the firewall status changes to
Enabled in the Firewall Status column. The value Enabled indicates that the Internet firewall takes effect. After
you disable the Internet firewall, wait until the firewall status changes to Disabled in the Firewall Status column. The value Disabled indicates that the Internet firewall
no longer provides protection. It requires several seconds for the firewall status
to be updated.